Website Application Security Scanner
Presenter: Deddie Tjahjono
AGENDA
• Introduction
• Website Application Layer
• Why Web Application Security
• Web Apps Security Scanner
  • About
  • Feature
  • How it Works
• Conclusion
Website Application Layer
• What is the Website Application Layer?
• Website Application Security

Why Web Application Security
• Web Apps Security Concerns
• Web Security Facts
Web Apps Security Concerns
• Web applications bring grave security risks:
  • Available 24x7x365
  • Publicly available to legitimate users and hackers alike
  • Direct access to backend databases
• Most web applications are custom-made, and these custom applications are the most susceptible to attack.
• Lack of awareness: web security is wrongly equated with network security.
Is Your Website Hackable? Why Organizations Need to Worry
• Who's being hacked?
  • ChoicePoint Inc ($15m)
  • University of Southern California ($140k+)
  • Microsoft (website defacement)
  • PayPal (account information stolen; cost unknown)
  • Victoria's Secret ($50k fine)
  • Hotmail (XSS detected, not fixed)
  • Amazon (XSS detected, not fixed)
  • Petco (credit cards of 500k customers stolen)

Reference: http://www.alliancetechpartners.com/
• TJX Companies Inc
  • 40 million customer cards stolen
  • USA, Hong Kong, Sweden, UK and Ireland
  • Lawsuits to date account for about US$5 to 10 million
  • Government of Canada launching an investigation
  • Breach probably started in 2003 and was discovered in December 2006
• Many more...
Web Security Facts
• Gartner: 75% of website hacks happen at the web application level.
• Cisco: 95% of web applications have serious flaws, 80% of which are vulnerable to Cross-Site Scripting.
• Acunetix research through free audits (published): 70% of sites scanned have medium- to high-risk vulnerabilities, including:
  • SQL Injection
  • XSS
  • Source Code Disclosure
The Cost of Being Hacked
• Closure.
• Lost customer confidence, trust and reputation.
• Lost brand equity.
• Downtime.
• Lost revenues and profits.
• Ban on processing credit cards.
• Repairing the damage.
• New security policies.
• Legal implications including fines and damages.

Typical Website Attacks
• Most common vulnerabilities:
  • SQL Injection
  • Cross-Site Scripting (XSS)
  • Local File Inclusion (LFI)
  • Remote File Inclusion (RFI)

Protecting Yourself: Website Application Security Scanner
About
• Audit your web applications for exploitable vulnerabilities regularly and consistently.
• Three main components:
  • Crawling Component
  • Attacking Component
  • Analysis Modules

Feature
• Crawler (file and website directory)
• Vulnerability Scanner
  • SQL Injection
  • XSS (Cross-Site Scripting)
  • Local File Inclusion
  • Remote File Inclusion
  • Advanced SQL Injection (Union-Based for MySQL)
• Possible Admin Entrance Search
• Directory Listing Detection
• Report Output

How It Works
• Discovery or Crawling Process Stage
• Automated Scan / Attacking Stage
• Reporting Stage
Types of Vulnerability Detection and Methods
• SQL Injection
  • Error Generation
• Cross-Site Scripting
  • Request / Response Match
• Local File Inclusion & Remote File Inclusion
• Possible Admin Entrance
  • Dictionary Attack
• Advanced SQL Injection
  • Union-Based
SQL Injection
• A code injection technique that exploits a security vulnerability occurring in the database layer of an application.
• SQL Injection types:
  • Error-Based SQL Injection
  • Union-Based SQL Injection
  • Blind SQL Injection

SQL Injection Types of Attack
• Error-Based:
  • Asking the DB a question that will cause an error, and obtaining information from the error.
• Union-Based:
  • The SQL UNION operator combines the results of two or more SELECT statements into a single result. Really useful for SQL injection.
• Blind:
  • Asking the DB true/false questions and using whether or not the valid page is returned as the answer.
How to Identify SQL Injection?
• Error Generation method:
  • Inject characters into the original SQL request so that it generates a syntax error, which could result in an SQL error message being displayed in the HTTP reply.
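As an added illustration of the Error Generation method (not code from the presenter's scanner, which the slides do not show), a Python check that compares the reply to a malformed request against the reply to a normal one, so that a page which always prints a database warning is not flagged on that warning alone. The signature list, function names and response bodies are all constructed for this example.

```python
import re

# Constructed examples of database error signatures that leak into HTTP
# responses (a real scanner carries a much longer list).
DB_ERROR_PATTERNS = [
    re.compile(r"You have an error in your SQL syntax", re.I),  # MySQL
    re.compile(r"Warning: mysql_", re.I),                      # PHP mysql extension
    re.compile(r"Unclosed quotation mark after the character string", re.I),  # MSSQL
    re.compile(r"ORA-\d{5}", re.I),                             # Oracle
    re.compile(r"syntax error at or near", re.I),              # PostgreSQL
]

def db_errors_in(body):
    """Return the set of error-signature patterns found in a response body."""
    return {p.pattern for p in DB_ERROR_PATTERNS if p.search(body)}

def error_generation_check(baseline_body, probe_body):
    """Error Generation method with a baseline comparison.

    A finding is raised only for error signatures that appear in the reply to
    the malformed request and were NOT already present in the reply to the
    normal request, so a page that always shows a database warning is not
    flagged on that warning alone.
    """
    new_errors = db_errors_in(probe_body) - db_errors_in(baseline_body)
    return {"vulnerable": bool(new_errors), "signatures": sorted(new_errors)}

# Constructed response bodies standing in for captured HTTP replies
# (the file path is made up for the example).
BASELINE = "<html><body><h1>Product 42</h1><p>In stock</p></body></html>"
PROBE = ("<html><body>Warning: mysql_fetch_array() expects parameter 1 to be "
         "resource, boolean given in /var/www/product.php on line 17<br>"
         "You have an error in your SQL syntax; check the manual...</body></html>")
NOISY_BASELINE = "<html><body>Warning: mysql_connect(): deprecated</body></html>"

if __name__ == "__main__":
    print(error_generation_check(BASELINE, PROBE))          # two new signatures
    print(error_generation_check(NOISY_BASELINE, PROBE))    # only the syntax error is new
    print(error_generation_check(NOISY_BASELINE, NOISY_BASELINE))  # nothing new
```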
Cross-Site Scripting (XSS)
• A type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users.

How to Identify Cross-Site Scripting?
• Request / Response Match:
  • On every request, the relevant request data is matched against the code extracted from the response.
  • A match of a given length is treated as a potential XSS.
  • Matching is applied to code only, not to ordinary page text.
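As an added illustration of the Request / Response Match method (not the presenter's code), a Python classifier that locates a harmless probe marker in the HTML reply and distinguishes a reflection into code (a tag, attribute name or script body) from one that the application HTML-encoded into plain text. The marker, class and function names and the sample responses are constructed for this example.

```python
from html.parser import HTMLParser

class ReflectionContexts(HTMLParser):
    """Records where a probe marker lands in an HTML response: as markup code
    (tag/attribute name), in a <script>/<style> body, in an attribute value, or as text."""

    def __init__(self, marker):
        super().__init__()  # convert_charrefs decodes &lt;x&gt; to "<x>" before handle_data
        self.marker = marker
        self.in_script = False
        self.hits = {"tag": 0, "script": 0, "attr": 0, "text": 0}

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.in_script = True
        if self.marker in tag:
            self.hits["tag"] += 1
        for name, value in attrs:
            if self.marker in name:
                self.hits["tag"] += 1
            elif value is not None and self.marker in value:
                self.hits["attr"] += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.in_script = False

    def handle_data(self, data):
        if self.marker in data:
            self.hits["script" if self.in_script else "text"] += 1

def request_response_match(marker, response_body, min_length=8):
    """Look for the marker sent in the request inside the response; only a
    reflection into code (tag or script context) counts as a potential XSS."""
    if len(marker) < min_length:
        raise ValueError("marker too short to match reliably")
    ctx = ReflectionContexts(marker)
    ctx.feed(response_body)
    ctx.close()
    code_hits = ctx.hits["tag"] + ctx.hits["script"]
    return {"contexts": ctx.hits, "potential_xss": code_hits > 0}

# Constructed response bodies; the probe sent was the harmless custom tag <qzx7scanmark91>.
MARKER = "qzx7scanmark91"
ENCODED = "<p>You searched for: &lt;qzx7scanmark91&gt;</p>"   # output encoded: text only
RAW = "<p>You searched for: <qzx7scanmark91></p>"             # reflected as markup: flagged
ATTR = '<input type="text" value="qzx7scanmark91">'           # inside a quoted attribute value
SCRIPT = '<script>var q = "qzx7scanmark91";</script>'         # inside script code: flagged
```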
Local File Inclusion (LFI) & Remote File Inclusion (RFI)
• A technique that allows an attacker to include a (local or remote) file, usually through a script on the web server. The vulnerability occurs due to the use of user-supplied input without proper validation.
• Local File Inclusion:
  • Allows an attacker to access all the files on the server
• Remote File Inclusion:
  • Allows an attacker to include files from external servers
Possible Admin Entrance
• A feature that tries to find a possible admin entrance on the target website
• Uses the Dictionary Attack method

How to Search for a Possible Admin Entrance?
• Dictionary Attack:
  • A technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching likely possibilities.
  • In contrast with a brute-force attack, this method tries only those possibilities which are most likely to succeed.
User Interface: Main Interface

User Interface: Attacking Stage; Advanced Attack Stage

User Interface: Possible Admin Entrance; Check for Updates